unless Vagrant.has_plugin?("vagrant-reload") raise 'vagrant-reload plugin is not installed! - run: vagrant plugin install vagrant-reload' end Vagrant.configure("2") do |config| config.vm.define "router" do |cfg| cfg.vm.box = "ubuntu/focal64" cfg.vm.hostname = "router" cfg.vm.network :private_network, ip: "192.168.38.2", gateway: "192.168.38.1", dns: "8.8.8.8" cfg.vm.provider "virtualbox" do |vb| vb.gui = false vb.name = "router" vb.memory = "3072" vb.customize ["modifyvm", :id, "--nicpromisc2", "allow-all"] end cfg.vm.provision "shell", inline: <<-SHELL export DEBIAN_FRONTEND=noninteractive rm -rf /var/lib/apt/lists/* apt-get update apt-get -y upgrade apt-get -y autoremove apt-get clean cat <<-'EOF' >/opt/router.sh #!/bin/bash echo "1" > /proc/sys/net/ipv4/ip_forward modprobe ip_tables iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE EOF cat <<-'EOF' >/etc/systemd/system/router.service [Unit] After=network.service Description=Router [Service] Type=simple ExecStart=/opt/router.sh [Install] WantedBy=multi-user.target EOF chmod 744 /opt/router.sh chmod 664 /etc/systemd/system/router.service systemctl daemon-reload systemctl enable router.service systemctl start router.service SHELL end config.vm.define "logger" do |cfg| cfg.vm.box = "bento/ubuntu-18.04" cfg.vm.hostname = "logger" cfg.vm.network :private_network, ip: "192.168.38.105", gateway: "192.168.38.1", dns: "8.8.8.8" cfg.vm.provision :shell, path: "logger_bootstrap.sh" cfg.vm.provision "shell", run: "always", inline: <<-SHELL route del default gw 10.0.2.2 route add default gw 192.168.38.2 SHELL cfg.vm.provision "shell", inline: <<-SHELL export DEBIAN_FRONTEND=noninteractive cat <<-'EOF' >/opt/default-gateway.sh #!/bin/bash route del default gw 10.0.2.2 route add default gw 192.168.38.2 EOF cat <<-'EOF' >/etc/systemd/system/default-gateway.service [Unit] After=network.service Description=default-gateway [Service] Type=simple ExecStart=/opt/default-gateway.sh [Install] WantedBy=multi-user.target EOF chmod 744 /opt/default-gateway.sh chmod 664 /etc/systemd/system/default-gateway.service systemctl daemon-reload systemctl enable default-gateway.service systemctl start default-gateway.service SHELL cfg.vm.provider "virtualbox" do |vb, override| vb.gui = false vb.name = "logger" vb.customize ["modifyvm", :id, "--memory", 4096] vb.customize ["modifyvm", :id, "--cpus", 2] vb.customize ["modifyvm", :id, "--vram", "32"] vb.customize ["modifyvm", :id, "--nicpromisc2", "allow-all"] vb.customize ["modifyvm", :id, "--clipboard", "bidirectional"] vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"] vb.customize ["setextradata", "global", "GUI/SuppressMessages", "all" ] end end config.vm.define "dc" do |cfg| cfg.vm.box = "detectionlab/win2016" cfg.vm.hostname = "dc" cfg.vm.boot_timeout = 600 cfg.winrm.transport = :plaintext cfg.vm.communicator = "winrm" cfg.winrm.basic_auth_only = true cfg.winrm.timeout = 300 cfg.winrm.retry_limit = 20 cfg.vm.network :private_network, ip: "192.168.38.102", gateway: "192.168.38.1", dns: "8.8.8.8" cfg.vm.provision "shell", path: "scripts/fix-second-network.ps1", privileged: true, args: "-ip 192.168.38.102 -dns 8.8.8.8 -gateway 192.168.38.1" cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false cfg.vm.provision "reload" cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/download_palantir_wef.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/install-utilities.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/install-redteam.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/install-choco-extras.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/install-osquery.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/install-sysinternals.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/install-velociraptor.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/configure-ou.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/configure-wef-gpo.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/configure-powershelllogging.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/configure-AuditingPolicyGPOs.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/configure-rdp-user-gpo.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/configure-disable-windows-defender-gpo.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/configure-taskbar-layout-gpo.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/install-autorunstowineventlog.ps1", privileged: false cfg.vm.provision "shell", inline: 'wevtutil el | Select-String -notmatch "Microsoft-Windows-LiveId" | Foreach-Object {wevtutil cl "$_"}', privileged: false cfg.vm.provision "shell", inline: "Set-SmbServerConfiguration -AuditSmb1Access $true -Force", privileged: false cfg.vm.provision "shell", inline: "Write-Host 'DC Provisioning Complete!'", privileged: false cfg.vm.provision "shell", inline: "route delete -p 0.0.0.0 mask 0.0.0.0 10.0.2.2", privileged: true cfg.vm.provision "shell", inline: "route add -p 0.0.0.0 mask 0.0.0.0 192.168.38.2", privileged: true cfg.vm.provision "shell", inline: "netsh interface set interface \"Ethernet 2\" disable", privileged: true cfg.vm.provider "virtualbox" do |vb, override| vb.gui = false vb.name = "dc.windomain.local" vb.default_nic_type = "82545EM" vb.customize ["modifyvm", :id, "--memory", 3072] vb.customize ["modifyvm", :id, "--cpus", 2] vb.customize ["modifyvm", :id, "--vram", "32"] vb.customize ["modifyvm", :id, "--clipboard", "bidirectional"] vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"] vb.customize ["setextradata", "global", "GUI/SuppressMessages", "all" ] end end config.vm.define "wef" do |cfg| cfg.vm.box = "detectionlab/win2016" cfg.vm.hostname = "wef" cfg.vm.boot_timeout = 600 cfg.vm.communicator = "winrm" cfg.winrm.basic_auth_only = true cfg.winrm.timeout = 300 cfg.winrm.retry_limit = 20 cfg.vm.network :private_network, ip: "192.168.38.103", gateway: "192.168.38.1", dns: "192.168.38.102" cfg.vm.provision "shell", path: "scripts/fix-second-network.ps1", privileged: true, args: "-ip 192.168.38.103 -dns 8.8.8.8 -gateway 192.168.38.1" cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false cfg.vm.provision "reload" cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/download_palantir_wef.ps1", privileged: false cfg.vm.provision "shell", inline: 'wevtutil el | Select-String -notmatch "Microsoft-Windows-LiveId" | Foreach-Object {wevtutil cl "$_"}', privileged: false cfg.vm.provision "shell", path: "scripts/install-wefsubscriptions.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/install-splunkuf.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/install-windows_ta.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/install-utilities.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/install-redteam.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/install-evtx-attack-samples.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/install-choco-extras.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/install-osquery.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/install-sysinternals.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/install-velociraptor.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/configure-pslogstranscriptsshare.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/install-autorunstowineventlog.ps1", privileged: false cfg.vm.provision "shell", inline: "Set-SmbServerConfiguration -AuditSmb1Access $true -Force", privileged: false cfg.vm.provision "shell", path: "scripts/install-microsoft-ata.ps1", privileged: false cfg.vm.provision "shell", inline: "Write-Host 'WEF Provisioning Complete!'", privileged: false cfg.vm.provision "shell", inline: "route delete -p 0.0.0.0 mask 0.0.0.0 10.0.2.2", privileged: true cfg.vm.provision "shell", inline: "route add -p 0.0.0.0 mask 0.0.0.0 192.168.38.2", privileged: true cfg.vm.provision "shell", inline: "netsh interface set interface \"Ethernet 2\" disable", privileged: true cfg.vm.provider "virtualbox" do |vb, override| vb.gui = false vb.name = "wef.windomain.local" vb.default_nic_type = "82545EM" vb.customize ["modifyvm", :id, "--memory", 2048] vb.customize ["modifyvm", :id, "--cpus", 2] vb.customize ["modifyvm", :id, "--vram", "32"] vb.customize ["modifyvm", :id, "--clipboard", "bidirectional"] vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"] vb.customize ["setextradata", "global", "GUI/SuppressMessages", "all" ] end end config.vm.define "win10" do |cfg| cfg.vm.box = "detectionlab/win10" cfg.vm.hostname = "win10" cfg.vm.boot_timeout = 1200 cfg.vm.communicator = "winrm" cfg.winrm.basic_auth_only = true cfg.winrm.timeout = 1200 cfg.winrm.retry_limit = 20 cfg.vm.network :private_network, ip: "192.168.38.104", gateway: "192.168.38.1", dns: "192.168.38.102" cfg.vm.provision "shell", path: "scripts/fix-second-network.ps1", privileged: false, args: "-ip 192.168.38.104 -dns 8.8.8.8 -gateway 192.168.38.1" cfg.vm.provision "shell", path: "scripts/MakeWindows10GreatAgain.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false cfg.vm.provision "reload" cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/download_palantir_wef.ps1", privileged: false cfg.vm.provision "shell", inline: 'wevtutil el | Select-String -notmatch "Microsoft-Windows-LiveId" | Foreach-Object {wevtutil cl "$_"}', privileged: false cfg.vm.provision "shell", path: "scripts/install-utilities.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/install-redteam.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/install-choco-extras.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/install-osquery.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/install-sysinternals.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/install-velociraptor.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/install-autorunstowineventlog.ps1", privileged: false cfg.vm.provision "shell", inline: "Write-Host 'Win10 Provisioning Complete!'", privileged: false cfg.vm.provision "shell", inline: "route delete -p 0.0.0.0 mask 0.0.0.0 10.0.2.2", privileged: true cfg.vm.provision "shell", inline: "route add -p 0.0.0.0 mask 0.0.0.0 192.168.38.2", privileged: true cfg.vm.provision "shell", inline: "netsh interface set interface \"Ethernet 2\" disable", privileged: true cfg.vm.provider "virtualbox" do |vb, override| vb.gui = false vb.name = "win10.windomain.local" vb.default_nic_type = "82545EM" vb.customize ["modifyvm", :id, "--memory", 2048] vb.customize ["modifyvm", :id, "--cpus", 1] vb.customize ["modifyvm", :id, "--vram", "32"] vb.customize ["modifyvm", :id, "--clipboard", "bidirectional"] vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"] vb.customize ["setextradata", "global", "GUI/SuppressMessages", "all" ] end end end